Target converts to credit cards with PINs, not just signatures, for security reasons
By
Email the author | Follow on Twitter
on October 14, 2015 at 7:30 AM, updated October 14, 2015 at 1:57 PM
Email the author | Follow on Twitter
on October 14, 2015 at 7:30 AM, updated October 14, 2015 at 1:57 PM
The department store -- which also issues a Visa credit card that consumers can use anywhere that accepts credit cards -- began notifying credit card customers this week that new cards are coming. The new cards will be MasterCards and will contain computer chips as well as PINs.
"By requiring a PIN, (customers) are benefitting from an additional layer of security to help protect against someone using their card if it's lost or stolen," said spokeswoman Molly Snyder.
The decision comes as the FBI is saying that credit and debit cards that require PINs, and not just signatures, are safer. Meanwhile, most banks and other credit card issuers are resisting converting to PINs because of cost and because they say customers don't want another piece PIN in a world filled with passwords.
Banks are hanging on to signatures as a way of verifying a person's identity, even though everyone knows that signatures are a charade that can be scribbled and still be accepted. In many cases, for purchases less than $25 or $50, signatures aren't even required on signature credit cards.
Consumers, retailers and banks are dealing with the nation's gradual shift to credit and debit cards with EMV computer chips. Transactions with these cards are more secure. The computer chips can't be duplicated. However, if the transaction information is stolen during a data breach, it can be used to create a counterfeit card with a magnetic stripe that can be used in other stores that don't have payment terminals that require computer chips.
But if the card is designed to require a PIN, a counterfeit card would be no good unless the thief also had the person's PIN, which is nowhere on the card.
In addition, a thief couldn't use a lost or stolen credit card in a store if a PIN was required. A lost or stolen card could, however, be used online.
For now, consumers using the Target credit card will need a PIN to use it in a Target store. It's not yet clear whether consumers will be able to use it in other stores or restaurants without a PIN.
Target customers getting the new credit card will also get a new account number. So they'll need to give their new card information to any companies that are paid automatically, such as for gym memberships or cell phone service.
Target suffered a massive data breach just before Christmas in 2013, setting off a public relations nightmare, a firestorm of customer backlash and the push for safer shopping.
MasterCard, Visa, Discover and American Express established a Oct. 1 deadline for banks and merchants to convert to EMV chip cards or else they could be liable for any fraud involving the card. However, less than half of credit and debit cards have been reissued with chips so far, and less than half of retailers have converted to EMV payment terminals.
A transaction with a chip card is approved using a one-time authentication code, so even if the information is stolen in a data breach, such as the ones at Target, Home Depot, Kmart and P.F. Change, the data cannot be used to create counterfeit cards that could be used at other chip-enabled payment terminals.
That's good, but the cards would be even more secure if consumers had to punch in PINs to use the cards.
Cards with PINs are standard in Europe and many other parts of the world. Using a PIN can make a transaction up to 700 percent more secure, according to the Retail Industry Leaders Association, an industry trade association, which cites a Federal Reserve study.
No comments:
Post a Comment